
Re: A fix for main mode with preshared keys



On Mon, 13 Dec 1999 11:59:25 +0300 you wrote
> > 
> > What problem? It would help if you could say exactly what you're trying to 
> > solve. It started out as a way to not require keys to be bound to an IP 
> > address. But that problem is solved. So what is it that you're trying to 
> > solve now?
> 
> I think the problem is to not require keys to be bound to an IP address 
> while using Main Mode. Your solution doesn't solve this problem, while
> Hugo's does. And besides, Hugo's solution makes policy lookup in IKE
> more uniform - you always rely only on ID payload content regardless of 
> IKE's mode of operation.

That's not a problem, that's a feature request. What is the problem that
not binding a pre-shared key to an IP address in Main Mode would solve?
Would Base Mode with ID_KEY_ID-based pre-shared keys not solve that problem 
as well? Would RSA (or El-Gamal) encrypted nonces not solve that problem 
as well? 

  Dan.


